EP3318077B1 - Circumventing wireless device spatial tracking based on wireless device identifiers - Google Patents
Circumventing wireless device spatial tracking based on wireless device identifiers Download PDFInfo
- Publication number
- EP3318077B1 EP3318077B1 EP16742086.8A EP16742086A EP3318077B1 EP 3318077 B1 EP3318077 B1 EP 3318077B1 EP 16742086 A EP16742086 A EP 16742086A EP 3318077 B1 EP3318077 B1 EP 3318077B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- network
- wireless
- networks
- computer
- wireless networks
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000004044 response Effects 0.000 claims description 29
- 230000006855 networking Effects 0.000 claims description 13
- 238000000034 method Methods 0.000 claims description 9
- 238000012360 testing method Methods 0.000 claims description 9
- 238000004891 communication Methods 0.000 claims description 6
- 230000003993 interaction Effects 0.000 claims description 2
- 230000007704 transition Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 7
- 230000001351 cycling effect Effects 0.000 description 4
- 230000001413 cellular effect Effects 0.000 description 3
- 230000008901 benefit Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 239000000969 carrier Substances 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W36/00—Hand-off or reselection arrangements
- H04W36/0005—Control or signalling for completing the hand-off
- H04W36/0011—Control or signalling for completing the hand-off for data sessions of end-to-end connection
- H04W36/0033—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information
- H04W36/0038—Control or signalling for completing the hand-off for data sessions of end-to-end connection with transfer of context information of security context information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/02—Services making use of location information
- H04W4/029—Location-based management or tracking services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W64/00—Locating users or terminals or network equipment for network management purposes, e.g. mobility management
- H04W64/003—Locating users or terminals or network equipment for network management purposes, e.g. mobility management locating network equipment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/02—Hierarchically pre-organised networks, e.g. paging networks, cellular networks, WLAN [Wireless Local Area Network] or WLL [Wireless Local Loop]
- H04W84/10—Small scale networks; Flat hierarchical networks
- H04W84/12—WLAN [Wireless Local Area Networks]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W88/00—Devices specially adapted for wireless communication networks, e.g. terminals, base stations or access point devices
- H04W88/02—Terminal devices
- H04W88/06—Terminal devices adapted for operation in multiple networks or having at least two operational modes, e.g. multi-mode terminals
Definitions
- Mobile devices such as smart phones, tablet computers, laptop computers, automobile computers, and smart cameras all provide additional functionality when connected to the Internet.
- a mobile device that is presently connected to the Internet can receive and send email messages; interact with websites; obtain the full benefit of executing applications that have a backend component; download new programs, program updates, and media artifacts; access remote files; etc.
- mobile devices connect to the Internet via wireless communications channels.
- Many mobile devices are equipped to connect to the Internet via cellular data networks operated by wireless telephony carriers. Some mobile devices are not so equipped, however, and those that are may incur significant marginal charges for sending or receiving significant volumes of data via cellular data networks.
- Wi-Fi networks are often free or inexpensive to use, and can in some places provide Internet connectivity where cellular data networks cannot, many mobile devices are configured to frequently scan for available Wi-Fi networks, such as at any time when the mobile device is not already actively connected to a Wi-Fi network. Performing such scanning enables the mobile device to automatically connect to already-known Wi-Fi networks, and notify its user of new Wi-Fi networks within connection range that the user can choose to connect to.
- WO2008.130127 teaches a method of performing initial ranging in a wireless communication system includes transmitting a ranging request message and receiving a ranging response message including a temporary identifier for a mobile station which transmits the ranging request message.
- a temporary identifier which identifies the mobile station before establishing authentication, it is possible to prevent the MAC address from being exposed to a malicious attacker through a wireless interface and to secure location privacy.
- US2010/260142 teaches a device, system and method for performing an uncontrolled handover in a mobile station, a ranging request message including an identifier of a serving base station and a first identifier used in the serving base station is transmitted to a first target base station to perform network (re)entry to the first target base station, and a ranging response message including security information and a second identifier for identifying the mobile station is received from the first target base station.
- a facility for interacting with data networks using a permanent network identifier persistently stored within a computing system in response to an opportunity to connect to a first data network, the facility identifies information for the first data network, and determines whether the determined identifying information for the first data network matches any of a set of approved data networks. In response to determining that it does, the facility establishes a connection with the first data network using the computing system's permanent network identifier, and conducts the established connection with the first data network using the computing system's permanent network identifier. In response to an opportunity to connect to a second data network, the facility determines identifying information for the second data network, and determines whether the determined identifying information for the second data network matches any of the set of approved data networks.
- the facility In response to determining that it does not, the facility establishes a connection with the second data network using a temporary network identifier that is different from the computing system's permanent network identifier, and conducts the established connection with the first data network using the temporary network identifier.
- the inventor has identified significant disadvantages with conventional approaches to the conventional mobile device networking technique of continuously scanning for available Wi-Fi networks.
- scanning by mobile device involves the mobile device sending a permanent network identifier of the mobile device called a "media access control address" ("MAC address," or simply "MAC").
- MAC address media access control address
- the inventor has recognized that, by tracking the appearance over time of scanning communications containing a particular MAC address, the operator of a Wi-Fi network in a particular location can discover the times at which a corresponding particular wireless device passes near the Wi-Fi network, thus impairing the privacy of movement of a person carrying the wireless device.
- the inventor has further deduced that a single entity operating multiple Wi-Fi networks or multiple separate entities operating Wi-Fi networks and sharing such tracking information can construct an even more complete picture of a person's movements.
- the inventor has conceived and reduced to practice a software and/or hardware facility for circumventing wireless device spatial tracking based on wireless device identifiers ("the facility").
- the facility does a significant portion of its scanning for Wi-Fi networks using a rotating, random substitute for its permanent MAC address, referred to herein as a "temporary MAC address" or "temporary MAC.”
- a temporary MAC address or "temporary MAC.”
- the facility uses the device's permanent MAC address to scan for Wi-Fi networks and connect to Wi-Fi networks.
- the wireless device is not within range of such a trusted Wi-Fi network
- the facility uses a temporary MAC address to scan for and connect to Wi-Fi networks.
- the facility periodically switches, or "cycles" the temporary MAC address being used to inhibit tracking even on a fine timescale.
- the facility includes Wi-Fi networks in its set of trusted Wi-Fi networks on a variety of bases, including the user explicitly designating a Wi-Fi network as trusted, a user explicitly choosing to connect to a Wi-Fi network, a user providing certain credentials as part of connecting to a Wi-Fi network, external configuration of the set of trusted Wi-Fi networks by an administrator or a certification authority, etc.
- the facility determines that the device is within range of a trusted Wi-Fi network if the name of a Wi-Fi network identified as available by scanning matches the name of a Wi-Fi network in the set of trusted Wi-Fi networks. In some examples, the facility further or instead requires that geographic positioning services on the device, such as those based upon GPS locating techniques, report that the device is within a range of geographic locations believed to be within the range of a trusted Wi-Fi network.
- the facility reduces the ability of operators of Wi-Fi networks to spatially track wireless devices without abrogating the benefits produced by Wi-Fi scanning.
- the facility also permits wireless devices to interact properly with trusted Wi-Fi networks that implement MAC filteringthat is, that only allow connections from devices using an approved native MAC address.
- Figure 1 is a block diagram showing some of the components that may be incorporated in at least some of the computer systems and other devices on which the facility operates.
- these computer systems and other devices 100 can include server computer systems, desktop computer systems, laptop computer systems, tablet computer systems, netbooks, mobile phones, personal digital assistants, televisions, cameras, automobile computers, electronic media players, electronic kiosk devices, electronic table devices, electronic whiteboard devices, etc.
- the computer systems and devices may include any number of the following: a central processing unit ("CPU") 101 for executing computer programs; a computer memory 102 for storing programs and data while they are being used, including the facility and associated data, an operating system including a kernel and device drivers, and one or more applications; a persistent storage device 103, such as a hard drive or flash drive for persistently storing programs and data; a computer-readable media drive 104, such as a floppy, CD-ROM, or DVD drive, for reading programs and data stored on a computer-readable medium; and/or a communications subsystem 105 for connecting the computer system to other computer systems and/or other devices to send and/or receive data, such as via the Internet or another wired or wireless network and its networking hardware, such as switches, routers, repeaters, electrical cables and optical fibers, light emitters and receivers, radio transmitters and receivers, and the like.
- CPU central processing unit
- a computer memory 102 for storing programs and data while they are being used, including the facility and associated data,
- Figure 2 is a state diagram showing how the facility transitions between states corresponding to the use of the device's native MAC versus temporary MACs in some examples.
- Figure 2 shows four states, states 210, 220, 230, and 240, that the facility transitions between.
- state 210 the facility causes the device to scan for available Wi-Fi networks using a temporary MAC.
- the facility begins in state 210 when it begins operating.
- the facility While the facility remains in step 210, the facility periodically cycles the temporary MAC address that the device is using to scan for Wi-Fi networks. In some examples, the facility performs this cycling at a regular or semi-regular interval, such as every one second, 5 seconds, 15 seconds, 30 seconds, 60 seconds, 90 seconds, 2 minutes, 4 minutes, 5 minutes, 10 minutes, 15 minutes, 30 minutes, etc. In some examples, in order to make it more difficult for the operators of Wi-Fi networks to connect one temporary MAC used before cycling and another temporary MAC used after cycling, the facility does one or both of (1) randomizing the length of the cycling period; and (2) imposing breaks in scanning of varying length between the scanning done with temporary MACs that are adjacent in time.
- the device and the facility use 48-bit MAC-48 MAC addresses. In some examples, the device and the facility use 48-bit EUI-48 MAC addresses. In some examples, the device and the facility use 64-bit EUI-64 MAC addresses.
- the facility seeks to inhibit the association of the new temporary MAC with earlier temporary MACs. In some examples, the facility randomizes the entirety of the new temporary MAC. In some examples, the facility randomizes portions of the new temporary MAC that are not likely to be a basis for how wireless networks will treat the device for networking purposes. In some examples, the facility randomizes portions of the new temporary MAC that commonly vary among wireless devices. In some examples, to generate a new temporary MAC, the facility selects a MAC that it determines is presently in use by a nearby device, and randomizes certain portions of the nearby device's MAC.
- the state diagram shows two state transitions to other states from state 210: a transition 211 from state 210 to state 220 upon connection to a non-trusted network, and transition 212 from state 210 to state 230 upon entering the range of a trusted network.
- transition 211 from state 210 to state 220 in state 220, the facility causes the device to continue to use the temporary MAC that it was using when it connected to the non-trusted network until the facility exits this state. If this connection is disconnected at a time when the device is outside the range of any trusted network, then the facility follows transition 221 from state 220 back to state 210. While in state 220, if the connection is disconnected within range of a trusted network, then the facility transitions from state 220 to state 230.
- state 230 the device is within range of a trusted network. Accordingly, in state 230, the facility causes the device to perform Wi-Fi network scanning using its native MAC. If the device subsequently leaves the range of all trusted networks, then the facility follows transition 232 from state 230 to state 210 to revert to scanning using temporary MACs. Conversely, if the facility is in state 210 scanning using temporary MACs and enters the range of a trusted network, then the facility follows transition 212 from state 210 to state 230 to instead scan using the native MAC. While in state 230, if the device connects to a network while the device is within range of a trusted network, then the facility follows transition 231 from state 230 to state 240.
- state 240 the device is connected to a network using its native MAC. If, while in state 240, disconnection from this network occurs at a time when the device is within range of a trusted network, then the facility follows transition 241 from state 240 to state 232 to cause the device to scan using the device's native MAC. If, on the other hand, disconnection occurs outside the range of any trusted network, then the facility follows transition 242 from state 240 to state 210 to cause the device to scan for networks using a temporary MAC.
- Figure 3 is a network diagram depicting operation of the facility as a device is carried through a path.
- the path 300 is from starting point 301 to ending point 312.
- the path traverses four untrusted networks 351-354, and one trusted network 361.
- the segments of the path that are chords of a network's roughly circular range are said to be "in range" of the network, either in that the network appears in scans performed throughout the segment, the facility defines the network as occupying this geographic area, or both.
- the hashes along path 300 indicate the version of the MAC being used by the facility at each point in the path. From point 301 to point 303, the diagonal hashes indicate that the facility uses a first temporary MAC.
- a timer maintained by the facility expires, and the facility switches to using a new temporary MAC, which is shown here by hashes that extend in a different diagonal direction.
- a second horizontal line segment above the hashes shows that the device is connected to untrusted network 352, using the temporary MAC with which it was scanning when untrusted network 352 became available to the device.
- the horizontal line shows that this connection ends at point 306, when the device exits the range of untrusted network 352.
- the facility continues scanning with the temporary MAC used to connect to untrusted network 352 from point 306 until point 308, at which time the timer expires again and the facility switches to a third temporary MAC, with which it scans from point 308 to point 309.
- the timer expires again, and the facility switches to using a fourth temporary MAC for network scanning.
- the device comes in range of trusted network 361, the trustedness of which is indicated by a double circle. Between points 310 and 311, the vertical hashes and second horizontal line above them indicate that the facility connects to trusted network 361 using its native MAC. When the device reaches point 311 at the edge of trusted network 361's range, the facility switches from its native MAC to a new temporary MAC to resume scanning. It should be noted that the segment from point 305 to point 306 indicates that the facility connects to at least some untrusted networks using temporary MACs, thus depriving these untrusted networks of opportunities they would otherwise have had to learn the device's native MAC.
- the facility provides a computer system for interacting with wireless networks.
- the computer system comprises: a networking module configured to persistently store a network ID identifying the computer system; a radio configured to exchange wireless data communications with wireless networks; a network range testing subsystem configured to determine whether the computer system is in communicative range of a wireless network present on a list of approved wireless networks; and a control subsystem configured to: in response to a determination by the network range testing subsystem that the computer system is in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection with a wireless network using the network ID persistently stored by the networking module, and in response to a determination by the network range testing subsystem that the computer system is not in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection with a wireless network using a network ID different from the network ID persistently stored by the networking module.
- the facility provides a computer-readable medium having contents configured to cause a computing device to, in order to manage interactions by the computing device with wireless networks: access a list of trusted wireless networks; recurringly: determine whether the computing device is within communicative range of any of the trusted wireless networks on the accessed list; in response to determining that the computing device is within communicative range of any of the trusted wireless networks on the accessed list, perform a scan for available wireless networks using a native network address stored persistently in the computing device; and in response to determining that the computing device is not within communicative range of any of the trusted wireless networks on the accessed list, perform a scan for available wireless networks using a temporary network address different from the native network address stored persistently in the computing device.
- the facility provides a method in a computing system for interacting with data networks, the computing system having a permanent network identifier persistently stored within the computing system.
- the method comprises: in response to an opportunity to connect to a first data network: determining identifying information for the first data network; determining whether the determined identifying information for the first data network matches any of a set of approved data networks; in response to determining that the determined identifying information for the first data network matches one of the set of approved data networks: establishing a connection with the first data network using the computing system's permanent network identifier; conducting the established connection with the first data network using the computing system's permanent network identifier; in response to an opportunity to connect to a second data network: determining identifying information for the second data network; determining whether the determined identifying information for the second data network matches any of the set of approved data networks; in response to determining that the determined identifying information for the second data network matches none of the set of approved data networks: establishing a connection with the second data network using a temporary network identifier
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Mobile Radio Communication Systems (AREA)
Description
- Mobile devices such as smart phones, tablet computers, laptop computers, automobile computers, and smart cameras all provide additional functionality when connected to the Internet. For example, a mobile device that is presently connected to the Internet can receive and send email messages; interact with websites; obtain the full benefit of executing applications that have a backend component; download new programs, program updates, and media artifacts; access remote files; etc.
- Typically, mobile devices connect to the Internet via wireless communications channels. Many mobile devices are equipped to connect to the Internet via cellular data networks operated by wireless telephony carriers. Some mobile devices are not so equipped, however, and those that are may incur significant marginal charges for sending or receiving significant volumes of data via cellular data networks.
- Virtually all mobile devices are equipped to connect to the Internet via Wi-Fi networks using networking protocols specified by variants of the IEEE 802.11 standard. Because Wi-Fi networks are often free or inexpensive to use, and can in some places provide Internet connectivity where cellular data networks cannot, many mobile devices are configured to frequently scan for available Wi-Fi networks, such as at any time when the mobile device is not already actively connected to a Wi-Fi network. Performing such scanning enables the mobile device to automatically connect to already-known Wi-Fi networks, and notify its user of new Wi-Fi networks within connection range that the user can choose to connect to.
-
WO2008.130127 teaches a method of performing initial ranging in a wireless communication system includes transmitting a ranging request message and receiving a ranging response message including a temporary identifier for a mobile station which transmits the ranging request message. By using the temporary identifier which identifies the mobile station before establishing authentication, it is possible to prevent the MAC address from being exposed to a malicious attacker through a wireless interface and to secure location privacy. -
US2010/260142 teaches a device, system and method for performing an uncontrolled handover in a mobile station, a ranging request message including an identifier of a serving base station and a first identifier used in the serving base station is transmitted to a first target base station to perform network (re)entry to the first target base station, and a ranging response message including security information and a second identifier for identifying the mobile station is received from the first target base station. - According to aspects of the present invention there is provided a system, method and media as defined in the accompanying claims.
- This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This summary is not intended to identify key factors or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
- A facility for interacting with data networks using a permanent network identifier persistently stored within a computing system is described. In one example facility, in response to an opportunity to connect to a first data network, the facility identifies information for the first data network, and determines whether the determined identifying information for the first data network matches any of a set of approved data networks. In response to determining that it does, the facility establishes a connection with the first data network using the computing system's permanent network identifier, and conducts the established connection with the first data network using the computing system's permanent network identifier. In response to an opportunity to connect to a second data network, the facility determines identifying information for the second data network, and determines whether the determined identifying information for the second data network matches any of the set of approved data networks. In response to determining that it does not, the facility establishes a connection with the second data network using a temporary network identifier that is different from the computing system's permanent network identifier, and conducts the established connection with the first data network using the temporary network identifier.
-
-
Figure 1 is a block diagram showing some of the components that may be incorporated in at least some of the computer systems and other devices on which the facility operates. -
Figure 2 is a state diagram showing how the facility transitions between states corresponding to the use of the device's native MAC versus temporary MACs in some examples. -
Figure 3 is a network diagram depicting operation of the facility as a device is carried through a path. - The inventor has identified significant disadvantages with conventional approaches to the conventional mobile device networking technique of continuously scanning for available Wi-Fi networks. In particular, based upon commonly-used Wi-Fi protocols established in variants of the IEEE 802.11 standard, such scanning by mobile device involves the mobile device sending a permanent network identifier of the mobile device called a "media access control address" ("MAC address," or simply "MAC"). The inventor has recognized that, by tracking the appearance over time of scanning communications containing a particular MAC address, the operator of a Wi-Fi network in a particular location can discover the times at which a corresponding particular wireless device passes near the Wi-Fi network, thus impairing the privacy of movement of a person carrying the wireless device. The inventor has further deduced that a single entity operating multiple Wi-Fi networks or multiple separate entities operating Wi-Fi networks and sharing such tracking information can construct an even more complete picture of a person's movements.
- In order to overcome these disadvantages, the inventor has conceived and reduced to practice a software and/or hardware facility for circumventing wireless device spatial tracking based on wireless device identifiers ("the facility").
- In some examples, the facility does a significant portion of its scanning for Wi-Fi networks using a rotating, random substitute for its permanent MAC address, referred to herein as a "temporary MAC address" or "temporary MAC." When the wireless device is within range of a Wi-Fi network among a group of trusted Wi-Fi networks, the facility uses the device's permanent MAC address to scan for Wi-Fi networks and connect to Wi-Fi networks. In general, when the wireless device is not within range of such a trusted Wi-Fi network, the facility uses a temporary MAC address to scan for and connect to Wi-Fi networks. During times when the facility is using a temporary MAC address and is not connected to any Wi-Fi network, the facility periodically switches, or "cycles" the temporary MAC address being used to inhibit tracking even on a fine timescale.
- In various examples, the facility includes Wi-Fi networks in its set of trusted Wi-Fi networks on a variety of bases, including the user explicitly designating a Wi-Fi network as trusted, a user explicitly choosing to connect to a Wi-Fi network, a user providing certain credentials as part of connecting to a Wi-Fi network, external configuration of the set of trusted Wi-Fi networks by an administrator or a certification authority, etc.
- In some examples, the facility determines that the device is within range of a trusted Wi-Fi network if the name of a Wi-Fi network identified as available by scanning matches the name of a Wi-Fi network in the set of trusted Wi-Fi networks. In some examples, the facility further or instead requires that geographic positioning services on the device, such as those based upon GPS locating techniques, report that the device is within a range of geographic locations believed to be within the range of a trusted Wi-Fi network.
- By behaving in some or all of the ways described above, the facility reduces the ability of operators of Wi-Fi networks to spatially track wireless devices without abrogating the benefits produced by Wi-Fi scanning. The facility also permits wireless devices to interact properly with trusted Wi-Fi networks that implement MAC filteringthat is, that only allow connections from devices using an approved native MAC address.
-
Figure 1 is a block diagram showing some of the components that may be incorporated in at least some of the computer systems and other devices on which the facility operates. In various examples, these computer systems andother devices 100 can include server computer systems, desktop computer systems, laptop computer systems, tablet computer systems, netbooks, mobile phones, personal digital assistants, televisions, cameras, automobile computers, electronic media players, electronic kiosk devices, electronic table devices, electronic whiteboard devices, etc. In various examples, the computer systems and devices may include any number of the following: a central processing unit ("CPU") 101 for executing computer programs; acomputer memory 102 for storing programs and data while they are being used, including the facility and associated data, an operating system including a kernel and device drivers, and one or more applications; apersistent storage device 103, such as a hard drive or flash drive for persistently storing programs and data; a computer-readable media drive 104, such as a floppy, CD-ROM, or DVD drive, for reading programs and data stored on a computer-readable medium; and/or acommunications subsystem 105 for connecting the computer system to other computer systems and/or other devices to send and/or receive data, such as via the Internet or another wired or wireless network and its networking hardware, such as switches, routers, repeaters, electrical cables and optical fibers, light emitters and receivers, radio transmitters and receivers, and the like. -
Figure 2 is a state diagram showing how the facility transitions between states corresponding to the use of the device's native MAC versus temporary MACs in some examples.Figure 2 shows four states,states state 210, the facility causes the device to scan for available Wi-Fi networks using a temporary MAC. In some examples, the facility begins instate 210 when it begins operating. - While the facility remains in
step 210, the facility periodically cycles the temporary MAC address that the device is using to scan for Wi-Fi networks. In some examples, the facility performs this cycling at a regular or semi-regular interval, such as every one second, 5 seconds, 15 seconds, 30 seconds, 60 seconds, 90 seconds, 2 minutes, 4 minutes, 5 minutes, 10 minutes, 15 minutes, 30 minutes, etc. In some examples, in order to make it more difficult for the operators of Wi-Fi networks to connect one temporary MAC used before cycling and another temporary MAC used after cycling, the facility does one or both of (1) randomizing the length of the cycling period; and (2) imposing breaks in scanning of varying length between the scanning done with temporary MACs that are adjacent in time. - In some examples, the device and the facility use 48-bit MAC-48 MAC addresses. In some examples, the device and the facility use 48-bit EUI-48 MAC addresses. In some examples, the device and the facility use 64-bit EUI-64 MAC addresses. In generating each new temporary MAC, the facility seeks to inhibit the association of the new temporary MAC with earlier temporary MACs. In some examples, the facility randomizes the entirety of the new temporary MAC. In some examples, the facility randomizes portions of the new temporary MAC that are not likely to be a basis for how wireless networks will treat the device for networking purposes. In some examples, the facility randomizes portions of the new temporary MAC that commonly vary among wireless devices. In some examples, to generate a new temporary MAC, the facility selects a MAC that it determines is presently in use by a nearby device, and randomizes certain portions of the nearby device's MAC.
- The state diagram shows two state transitions to other states from state 210: a
transition 211 fromstate 210 tostate 220 upon connection to a non-trusted network, andtransition 212 fromstate 210 tostate 230 upon entering the range of a trusted network. With respect totransition 211 fromstate 210 tostate 220, instate 220, the facility causes the device to continue to use the temporary MAC that it was using when it connected to the non-trusted network until the facility exits this state. If this connection is disconnected at a time when the device is outside the range of any trusted network, then the facility followstransition 221 fromstate 220 back tostate 210. While instate 220, if the connection is disconnected within range of a trusted network, then the facility transitions fromstate 220 tostate 230. - In
state 230, the device is within range of a trusted network. Accordingly, instate 230, the facility causes the device to perform Wi-Fi network scanning using its native MAC. If the device subsequently leaves the range of all trusted networks, then the facility followstransition 232 fromstate 230 tostate 210 to revert to scanning using temporary MACs. Conversely, if the facility is instate 210 scanning using temporary MACs and enters the range of a trusted network, then the facility followstransition 212 fromstate 210 tostate 230 to instead scan using the native MAC. While instate 230, if the device connects to a network while the device is within range of a trusted network, then the facility followstransition 231 fromstate 230 tostate 240. Instate 240, the device is connected to a network using its native MAC. If, while instate 240, disconnection from this network occurs at a time when the device is within range of a trusted network, then the facility followstransition 241 fromstate 240 tostate 232 to cause the device to scan using the device's native MAC. If, on the other hand, disconnection occurs outside the range of any trusted network, then the facility followstransition 242 fromstate 240 tostate 210 to cause the device to scan for networks using a temporary MAC. -
Figure 3 is a network diagram depicting operation of the facility as a device is carried through a path. Thepath 300 is fromstarting point 301 to endingpoint 312. The path traverses four untrusted networks 351-354, and one trustednetwork 361. The segments of the path that are chords of a network's roughly circular range are said to be "in range" of the network, either in that the network appears in scans performed throughout the segment, the facility defines the network as occupying this geographic area, or both. The hashes alongpath 300 indicate the version of the MAC being used by the facility at each point in the path. Frompoint 301 to point 303, the diagonal hashes indicate that the facility uses a first temporary MAC. Atpoint 303, a timer maintained by the facility expires, and the facility switches to using a new temporary MAC, which is shown here by hashes that extend in a different diagonal direction. Betweenpoints untrusted network 352, using the temporary MAC with which it was scanning whenuntrusted network 352 became available to the device. The horizontal line shows that this connection ends atpoint 306, when the device exits the range ofuntrusted network 352. The facility continues scanning with the temporary MAC used to connect tountrusted network 352 frompoint 306 untilpoint 308, at which time the timer expires again and the facility switches to a third temporary MAC, with which it scans frompoint 308 topoint 309. Atpoint 309, the timer expires again, and the facility switches to using a fourth temporary MAC for network scanning. Atpoint 310, the device comes in range of trustednetwork 361, the trustedness of which is indicated by a double circle. Betweenpoints network 361 using its native MAC. When the device reachespoint 311 at the edge of trustednetwork 361's range, the facility switches from its native MAC to a new temporary MAC to resume scanning. It should be noted that the segment frompoint 305 to point 306 indicates that the facility connects to at least some untrusted networks using temporary MACs, thus depriving these untrusted networks of opportunities they would otherwise have had to learn the device's native MAC. - In some examples, the facility provides a computer system for interacting with wireless networks. The computer system comprises: a networking module configured to persistently store a network ID identifying the computer system; a radio configured to exchange wireless data communications with wireless networks; a network range testing subsystem configured to determine whether the computer system is in communicative range of a wireless network present on a list of approved wireless networks; and a control subsystem configured to: in response to a determination by the network range testing subsystem that the computer system is in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection with a wireless network using the network ID persistently stored by the networking module, and in response to a determination by the network range testing subsystem that the computer system is not in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection with a wireless network using a network ID different from the network ID persistently stored by the networking module.
- In some examples, the facility provides a computer-readable medium having contents configured to cause a computing device to, in order to manage interactions by the computing device with wireless networks: access a list of trusted wireless networks; recurringly: determine whether the computing device is within communicative range of any of the trusted wireless networks on the accessed list; in response to determining that the computing device is within communicative range of any of the trusted wireless networks on the accessed list, perform a scan for available wireless networks using a native network address stored persistently in the computing device; and in response to determining that the computing device is not within communicative range of any of the trusted wireless networks on the accessed list, perform a scan for available wireless networks using a temporary network address different from the native network address stored persistently in the computing device.
- In some examples, the facility provides a method in a computing system for interacting with data networks, the computing system having a permanent network identifier persistently stored within the computing system. The method comprises: in response to an opportunity to connect to a first data network: determining identifying information for the first data network; determining whether the determined identifying information for the first data network matches any of a set of approved data networks; in response to determining that the determined identifying information for the first data network matches one of the set of approved data networks: establishing a connection with the first data network using the computing system's permanent network identifier; conducting the established connection with the first data network using the computing system's permanent network identifier; in response to an opportunity to connect to a second data network: determining identifying information for the second data network; determining whether the determined identifying information for the second data network matches any of the set of approved data networks; in response to determining that the determined identifying information for the second data network matches none of the set of approved data networks: establishing a connection with the second data network using a temporary network identifier that is different from the computing system's permanent network identifier; and conducting the established connection with the first data network using the temporary network identifier.
- It will be appreciated by those skilled in the art that the above-described facility may be straightforwardly adapted or extended in various ways. While the foregoing description makes reference to particular embodiments, the scope of the invention is defined solely by the claims that follow and the elements recited therein.
Claims (15)
- A method in a computing system (100) for interacting with wireless Wi-Fi data networks, the computing system having a permanent network identifier persistently stored within the computing system, the method comprising:in response to an opportunity to connect to a first data network:determining identifying information for the first data network;determining whether the determined identifying information for the first data network matches any of a set of approved data networks;in response to determining that the determined identifying information for the first data network matches one of the set of approved data networks:establishing (300) a connection with the first data network using the computing system's permanent network identifier;conducting (310 to 311) the established connection with the first data network using the computing system's permanent network identifier;in response to an opportunity to connect to a second data network:determining identifying information for the second data network;determining whether the determined identifying information for the second data network matches any of the set of approved data networks;in response to determining that the determined identifying information for the second data network matches none of the set of approved data networks:establishing a connection with the second data network using a temporary network identifier that is different from the computing system's permanent network identifier; andconducting the established connection with the first data network using the temporary network identifier.
- A computer system (100) for interacting with wireless Wi-Fi data networks, comprising:a networking module (191; 102; 103; 104) configured to persistently store a network ID identifying the computer system;a radio (105) configured to exchange wireless data communications with wireless networks;a network range testing subsystem (101; 102; 103; 104) configured to determine (211; 212; 221; 222; 231; 232; 241; 242) whether the computer system is in communicative range of a wireless network present on a list of approved wireless networks; anda control subsystem (101; 102; 103; 104) configured to:in response to a determination (231) by the network range testing subsystem that the computer system is in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection (310 to 311) with a wireless network (351-354; 361) using (240) the network ID persistently stored by the networking module, andin response to a determination (221; 232; 242; 211) by the network range testing subsystem that the computer system is not in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to establish a connection with a wireless network (351-354; 361) using (220) a temporary network ID different from the network ID persistently stored by the networking module.
- The computer system of claim 2 wherein the control subsystem is further configured to, in response to a determination (212; 241) by the network range testing subsystem that the computer system is in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to scan for available wireless networks using (230) the network ID persistently stored by the networking module.
- The computer system of claim 2 wherein the control subsystem is further configured to, in response to a determination (221; 232) by the network range testing subsystem that the computer system is not in communicative range of a wireless network present on a list of approved wireless networks, cause the radio to scan for available wireless networks using (210) a network ID different from the network ID persistently stored by the networking module.
- The computer system of claim 4, further comprising:
a temporary network ID selection subsystem configured to recurringly select (210) new network IDs to be used to scan (210) for available wireless networks in response to a determination (221; 232) by the network range testing subsystem that the computer system is not in communicative range of a wireless network present on a list of approved wireless networks. - A computer-readable medium (102; 103) having contents configured to cause a computing device to, in order to manage interactions by the computing device with wireless Wi-Fi data networks:access a list of trusted wireless networks;recurringly:determine (212; 221; 222; 242) whether the computing device is within communicative range of any of the trusted wireless networks on the accessed list;in response to determining (212; 222) that the computing device is within communicative range of any of the trusted wireless networks on the accessed list, perform a scan for available wireless networks using (230) a native network address stored persistently in the computing device; andin response to determining (221; 242) that the computing device is not within communicative range of any of the trusted wireless networks on the accessed list, perform a scan (301 to 310) for available wireless networks using (210) a temporary network address different from the native network address stored persistently in the computing device.
- The computer-readable medium of claim 6 wherein the computer-readable medium has contents that further cause the computing device to recurringly change (210; 301 to 303; 303 to 308; 308 to 309; 309 to 310; 311 to 312)the temporary network address used to scan for available wireless networks.
- The computer-readable medium of claim 7 wherein the contents of the computer-readable medium cause the computing system to change the temporary network address used to scan for available wireless networks at intervals (301 to 303; 303 to 306) of varying length.
- The computer-readable medium of claim 7 wherein the contents of the computer-readable medium cause the computing system to, each time the temporary network address used to scan for available wireless network is changed, delay performance of the next scan for available wireless networks following the change by a varying amount of time.
- The computer-readable medium of claim 6 wherein the computer-readable medium has contents that further cause the computing device to:
in response to determining (221; 232; 242; 211) that the computing device is not within communicative range of any of the trusted wireless networks on the accessed list, connect (305 to 306) to an available wireless network (352) not on the accessed list using (220) a temporary network address different from the native network address stored persistently in the computing device. - The computer-readable medium of claim 6 wherein the computer-readable medium has contents that further cause the computing device to:receive user input specifying that a selected wireless network is to be added to the accessed list of trusted wireless networks; andin response to receiving the user input, add the selected wireless network to the accessed list of trusted wireless networks.
- The computer-readable medium of claim 6 wherein the computer-readable medium has contents that further cause the computing device to:receive user input specifying that a selected wireless network is to be removed from the accessed list of trusted wireless networks; andin response to receiving the user input, remove the selected wireless network from the accessed list of trusted wireless networks.
- The computer-readable medium of claim 6 wherein the computer-readable medium has contents that further cause the computing device to:
in response to determining (231) that the computing device is within communicative range of any of the trusted wireless networks on the accessed list, connect (310 to 311) to an available wireless network not on the accessed list using (240) the native network address stored persistently in the computing device. - The computer system of claim 2 wherein the networking module is a network interface card.
- The computer system of claim 2 wherein the network IDs are each a media access control address (220; 240).
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/788,511 US9538461B1 (en) | 2015-06-30 | 2015-06-30 | Circumventing wireless device spatial tracking based on wireless device identifiers |
PCT/US2016/039469 WO2017003892A1 (en) | 2015-06-30 | 2016-06-27 | Circumventing wireless device spatial tracking based on wireless device identifiers |
Publications (2)
Publication Number | Publication Date |
---|---|
EP3318077A1 EP3318077A1 (en) | 2018-05-09 |
EP3318077B1 true EP3318077B1 (en) | 2019-04-24 |
Family
ID=56511890
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP16742086.8A Active EP3318077B1 (en) | 2015-06-30 | 2016-06-27 | Circumventing wireless device spatial tracking based on wireless device identifiers |
Country Status (4)
Country | Link |
---|---|
US (1) | US9538461B1 (en) |
EP (1) | EP3318077B1 (en) |
CN (1) | CN107852598B (en) |
WO (1) | WO2017003892A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA3126812C (en) * | 2019-01-15 | 2023-07-11 | Arris Enterprises Llc | Improved handling of unique identifiers for stations |
CN111586683B (en) * | 2020-05-29 | 2023-12-15 | 上海英哈科技有限公司 | Mobile radio communication device comprising two iSIMs and an interface for automatically selecting a network |
Family Cites Families (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FI113515B (en) | 2002-01-18 | 2004-04-30 | Nokia Corp | Addressing in wireless LANs |
US7185204B2 (en) | 2003-08-28 | 2007-02-27 | International Business Machines Corporation | Method and system for privacy in public networks |
US7433356B2 (en) | 2004-05-13 | 2008-10-07 | International Business Machines Corporation | Methods and apparatus for creating addresses |
US8429393B1 (en) * | 2004-09-30 | 2013-04-23 | Rockwell Automation Technologies, Inc. | Method for obscuring a control device's network presence by dynamically changing the device's network addresses using a cryptography-based pattern |
KR100636209B1 (en) | 2004-11-12 | 2006-10-19 | 삼성전자주식회사 | Method and apparatus for securing MAC address |
US7706776B2 (en) | 2004-12-06 | 2010-04-27 | Meshnetworks, Inc. | Scheme for MAC address privacy in infrastructure-based multi-hop wireless networks |
CN101213817B (en) | 2005-06-30 | 2011-08-03 | 艾利森电话股份有限公司 | Mapping original MAC address of terminal to unique locally administrated virtual MAC address |
US8009626B2 (en) | 2005-07-11 | 2011-08-30 | Toshiba America Research, Inc. | Dynamic temporary MAC address generation in wireless networks |
CN100499673C (en) * | 2005-10-21 | 2009-06-10 | 华为技术有限公司 | Virtual terminal temporary media access control address dynamic altering method |
JP4816161B2 (en) * | 2006-03-10 | 2011-11-16 | 日本電気株式会社 | Wireless communication apparatus, MAC address management system, wireless communication method, and wireless communication program |
KR101299792B1 (en) | 2007-04-18 | 2013-08-23 | 엘지전자 주식회사 | Method for performing initial ranging in OFDMA based wireless communication system |
KR20100008326A (en) | 2008-07-15 | 2010-01-25 | 엘지전자 주식회사 | Method of supporting location privacy |
WO2010120026A1 (en) | 2009-04-14 | 2010-10-21 | Lg Electronics Inc. | Method for performing uncontrolled handover |
US20120076072A1 (en) * | 2010-09-24 | 2012-03-29 | Marc Jalfon | System and method for maintaining privacy in a wireless network |
US9220007B2 (en) | 2011-02-17 | 2015-12-22 | Cisco Technology, Inc. | Wireless access point MAC address privacy |
US8824678B2 (en) | 2011-04-05 | 2014-09-02 | Broadcom Corporation | MAC address anonymizer |
US20130150035A1 (en) * | 2011-04-21 | 2013-06-13 | Qualcomm Incorporated | Method and apparatus for classifying neighboring devices |
US9717005B2 (en) * | 2012-11-21 | 2017-07-25 | Empire Technology Development Llc | Schemes for connecting to wireless network |
KR20140088354A (en) * | 2013-01-02 | 2014-07-10 | 삼성전자주식회사 | Connection Control Method For Access Point And Electronic Device Supporting the same |
CN103368941B (en) * | 2013-04-22 | 2017-04-05 | 北京奇虎科技有限公司 | A kind of method and apparatus of the protection based on subscriber network access scene |
US20150063205A1 (en) * | 2013-08-29 | 2015-03-05 | Brent Elliott | Mobile station and method for anonymous media access control addressing |
US20150103776A1 (en) * | 2013-10-16 | 2015-04-16 | Nearbuy Systems, Inc. | Event driven anonymous device identifier generation |
US20150281167A1 (en) * | 2014-03-31 | 2015-10-01 | Google Inc. | Specifying a MAC Address Based on Location |
US9668126B2 (en) * | 2014-08-12 | 2017-05-30 | Lenovo (Singapore) Pte. Ltd. | Preventing location tracking via smartphone MAC address |
CN105208206B (en) * | 2015-08-31 | 2018-04-10 | 北京奇虎科技有限公司 | Mobile terminal anti-tracking method and mobile terminal |
-
2015
- 2015-06-30 US US14/788,511 patent/US9538461B1/en active Active
-
2016
- 2016-06-27 WO PCT/US2016/039469 patent/WO2017003892A1/en active Application Filing
- 2016-06-27 EP EP16742086.8A patent/EP3318077B1/en active Active
- 2016-06-27 CN CN201680039268.3A patent/CN107852598B/en active Active
Non-Patent Citations (1)
Title |
---|
None * |
Also Published As
Publication number | Publication date |
---|---|
WO2017003892A1 (en) | 2017-01-05 |
US9538461B1 (en) | 2017-01-03 |
CN107852598B (en) | 2020-11-03 |
CN107852598A (en) | 2018-03-27 |
US20170006529A1 (en) | 2017-01-05 |
EP3318077A1 (en) | 2018-05-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10313997B2 (en) | User equipment registration method for network slice selection and network controller and network communication system using the same | |
JP5395955B2 (en) | Terminal identifier in communication network | |
JP6386069B2 (en) | Connection management method, apparatus, electronic equipment, program, and recording medium | |
US11601429B2 (en) | Network service control for access to wireless radio networks | |
US9648577B1 (en) | ADSS enabled global roaming system | |
CN107113892B (en) | Method and device for automatically networking gateway equipment | |
US12081668B2 (en) | Authentication method, content delivery network CDN, and content server | |
US11025621B2 (en) | Enhancing privacy of network connections | |
CN113938910A (en) | Communication method and device | |
CN103746812A (en) | Access authentication method and system | |
US11075895B2 (en) | Cloud operation interface sharing method, related device, and system | |
CN101807944A (en) | Mobile terminal and data sharing method thereof | |
CN104967997A (en) | Wireless network accessing method, Wi-Fi equipment, terminal equipment and system | |
CN112492580A (en) | Information processing method and device, communication equipment and storage medium | |
CN111221484B (en) | Screen projection method and device | |
AU2014410591A1 (en) | Connection establishment method, device, and system | |
US20160134620A1 (en) | Loading user devices with lists of proximately located broadcast beacons and associated service identifiers | |
US9531700B2 (en) | Authentication survivability for assigning role and VLAN based on cached radius attributes | |
CN104486460B (en) | Application server address acquisition methods, equipment and system | |
EP3318077B1 (en) | Circumventing wireless device spatial tracking based on wireless device identifiers | |
CN111492358B (en) | Device authentication | |
EP3833153B1 (en) | Network connection methods and devices | |
EP4207676A1 (en) | Method and apparatus for establishing secure communication | |
JP2015201768A (en) | Device, method and program for radio communication | |
WO2022037619A1 (en) | Method and apparatus for processing authentication failure, terminal and network side device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: UNKNOWN |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20171218 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: GRANT OF PATENT IS INTENDED |
|
INTG | Intention to grant announced |
Effective date: 20181116 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE PATENT HAS BEEN GRANTED |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
REG | Reference to a national code |
Ref country code: GB Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: EP |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: REF Ref document number: 1125578 Country of ref document: AT Kind code of ref document: T Effective date: 20190515 Ref country code: IE Ref legal event code: FG4D |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R096 Ref document number: 602016012919 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: NL Ref legal event code: FP |
|
REG | Reference to a national code |
Ref country code: LT Ref legal event code: MG4D |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: ES Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: SE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: PT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190824 Ref country code: AL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: NO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190724 Ref country code: FI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: LT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: HR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: PL Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: GR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190725 Ref country code: LV Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: BG Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190724 Ref country code: RS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R082 Ref document number: 602016012919 Country of ref document: DE |
|
REG | Reference to a national code |
Ref country code: AT Ref legal event code: MK05 Ref document number: 1125578 Country of ref document: AT Kind code of ref document: T Effective date: 20190424 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IS Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190824 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R097 Ref document number: 602016012919 Country of ref document: DE |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: AT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: DK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: EE Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: CZ Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: RO Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: MC Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: SK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
REG | Reference to a national code |
Ref country code: CH Ref legal event code: PL |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: SM Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: IT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
REG | Reference to a national code |
Ref country code: BE Ref legal event code: MM Effective date: 20190630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: TR Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
26N | No opposition filed |
Effective date: 20200127 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: IE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190627 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CH Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190630 Ref country code: LU Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190627 Ref country code: LI Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190630 Ref country code: SI Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: BE Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES Effective date: 20190630 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: CY Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MT Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 Ref country code: HU Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO Effective date: 20160627 |
|
PG25 | Lapsed in a contracting state [announced via postgrant information from national office to epo] |
Ref country code: MK Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT Effective date: 20190424 |
|
P01 | Opt-out of the competence of the unified patent court (upc) registered |
Effective date: 20230429 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: NL Payment date: 20240521 Year of fee payment: 9 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: GB Payment date: 20240521 Year of fee payment: 9 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: DE Payment date: 20240521 Year of fee payment: 9 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20240522 Year of fee payment: 9 |